Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can't reach ip addy's that begin with "12"

Status
Not open for further replies.

colthirtytwo

IS-IT--Management
Mar 28, 2002
24
US
I haven't been able to resolve this problem where I can't get to any addresses where the first octet is 12, and they can't get to me. When I do a "tracert" it will die at the eth0/1 address. I can ping my own outside ip(the first octet is 12), and the gateway ip(the first octet is 12). I haven't found any other addresses that start with 12 that I can reach.

I'm new to cisco, so I can't find the problem. Maybe some of you pro's can help me out.

Thanks in advance,
Col. Thirtytwo





version 12.0
service config
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!

!
!
!
!
!
ip subnet-zero
no ip finger
ip name-server xxx.xx.xxx.x
ip name-server xxx.xx.xxx.x
!
!
!
interface Ethernet0/0
ip address 12.(external) 255.255.255.0
ip access-group 105 out
no ip directed-broadcast
ip nat outside
no ip mroute-cache
no cdp enable
!
interface Ethernet0/1
ip address 192.168.0.1 255.255.255.0
no ip directed-broadcast
ip nat inside
no ip mroute-cache
no cdp enable
!
ip default-gateway 12.xxx.xxx.xxx
ip nat pool global 12.(external) 12.(external) netmask 255.255.255.0
ip nat inside source list 5 pool global overload
ip nat inside source static tcp 192.168.0.11 80 12.(external) 80 extendable
ip nat inside source static tcp 192.168.0.11 25 12.(external) 25 extendable
ip nat inside source static tcp 192.168.0.11 110 12.(external) 110 extendable
no ip classless
ip route 0.0.0.0 0.0.0.0 12.(gateway)



ip route 192.168.0.0 255.255.0.0 192.168.0.2
ip route 192.168.0.0 255.255.255.0 12.(gateway)
no ip http server
!
access-list 105 permit ip any any
access-list 105 deny ip 192.168.0.0 0.0.0.255 any
access-list 105 deny ip 192.168.0.0 0.0.255.255 any
access-list 5 permit 192.168.0.0 0.0.0.255
access-list 5 permit 192.168.0.0 0.0.255.255
no dialer-list 1 protocol ip permit

no cdp run
!
password
login
transport input pad v120 telnet rlogin udptn
line aux 0
line vty 0 4
password
login
!
end
 
Just wanted to add that when I use my Linksys router, everything works fine.....so it's not a problem with the ISP.
 
I suspect the Access-list 105. It's allowing traffic OUT the interface but not IN. First, I would take it out of the E0/0 interface and try the ping's. See what happens.
 
Try
ip route 12.0.0.0 255.0.0.0 e0/0

I've found sometimes w/ Cisco I can't access objects on the same class A subnet as my external interface. By adding an ip route statement pointing all of that traffic to my external interface, the traffic works fine.

JP
 
It also appears that your access list doesnt do anything. when the router checks the list, the first line it sees is 'permit ip any any'. when it sees that, any ip packet goes through, and the router doesnt check the rest of the list. that means that the 2 lines for net 192.168.x.x dont even get checked.
also, that access list wont filter anything into the interface, everything will come in.
another thing, try putting in 'ip classless' instead of no ip classless.
 
Thank you all for your help. I'm new to cisco, and am still learning. I'm trying to teach myself a few things, then take some classes.....it's like the blind leading the blind. :)

Degg: Thanks for the help! I tried the "ip classless" and it worked! Now my question is....what does that do?

GardenLady: I also redid my access list 105 after I posted the origional problem. I noticed the error when I copied the config to this post. I still can't get to my mail or my website on my server.

jpederson: I edited my subnet mask on the config to post it in public, and I don't know how to change it to fit my settings.
 
IP classless enables the router to route onto its directly connected networks. By default the router is not capable of passing packets destined for it local networks. We could add static routes for each of the local connnected LANS but ip classless is one heck of a lot faster. Hope that helps clear things up for you.

:)
 
Actually, IP classless has more to do with subnetting. The subnet mask you are using for your 12.x.x.x ip's is 255.255.255.0 which is a class C mask. 12.x.x.x is a class A network. your network is a subnet of a class A network, and to be able to use subnetting properly you must enable IP Classless. A 12.x.x.x network with a 255.255.255.0 mask is not a 'classful' address ie its not a class A (the mask would be 255.0.0.0) and its not a class C (class C doesnt start with 12.). Does that make things any clearer?
 
Degg: That does make things clear.....or clearer. :) That's not actually my subnet mask. I edited it for this post, but I understand what you are saying. Thanks again.
 
Yes. the answer is definetly "ip classless". The access-list might be stopping things in addition to that, but that is the obvious answer.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top